Communications of the ACM

This was not because our Bitcoin was stolen from a honeypot, rather the graduate student who created the wallet maintained a copy and his account was compromised. If security experts can’t safely keep cryptocurrencies on an Inter-net-connected computer, nobody can. If Bitcoin is the “Internet of money,” what does it say that it cannot be safely stored on an Internet connected computer?

Bugs can also naturally cause significant damage to cryptocurrency holdings. Although this potentially can affect any cryptocurrency, the biggest danger for bugs arises when cryptocurrencies are combined with “smart contracts”—programs that are generally immutable once deployed and that automatically execute upon the transfer of currency. The most successful platform for these is Ethereum, a cryptocurrency that allows writing programs in a language called Solidity.

Bugs in these smart contracts can be catastrophic. The first big smart contract, the DAO or Decentralized Autonomous Organization, sought to create a democratic mutual fund where investors could invest their Ethereum and then vote on possible investments. Approximately 10% of all Ethereum ended up in the DAO before someone discovered a reentrancy bug that enabled the attacker to effectively steal all the Ethereum. The only reason this bug and theft did not result in global losses is that Ethereum developers released a new version of the system that effectively undid the theft by altering the supposedly immutable blockchain.

Since then there have been other
catastrophic bugs in these smart con-
tracts, the biggest one in the Parity
Ethereum wallet software (see https://
bit.ly/2Fm7je4). The first bug enabled
the mass theft from “multisignature”
wallets, which supposedly required
multiple independent cryptographic
signatures on transfers as a way to pre-
vent theft. Fortunately, that bug caused
limited damage because a good thief
stole most of the money and then re-
turned it to the victims. Yet, the good
news was limited as a subsequent bug
rendered all of the new multisignature
wallets permanently inaccessible, ef-
fectively destroying some $150M in no-
tional value. This buggy code was large-
ly written by Gavin Wood, the creator
of the Solidity programming language
and one of the founders of Ethereum.
Again, we have a situation where even
an expert’s efforts fell short.

Individual Economic Risks

Everything about the cryptocurrency space is full of bubbles. Since all volatile cryptocurrencies are actually substantially inferior for legal purposes, this implies that the actual value as currency is effectively $0, so the only store of value is in other utility for a distributed trustless public append-only ledger.

Yet the Bitcoin blockchain, due to consolidation of mining into a few mining pools, does not actually distribute trust. Instead the system is effectively controlled by less than 10 entities self-selected by their willingness to consume power and anyone using Bitcoin implicitly trusts a majority of these few entities. Every proof of work blockchain seems to experience similar consolidation as the more efficient miners inevitably drive out less efficient ones. Given the almost trivial cost of building a three-transactions-per-second distributed system with identified and trusted entities using cryptographic signatures instead of proof of work this suggests the utility value for these cryptocurrencies is also effectively $0. This means everyone participating in the cryptocurrency market is basing the value only on the price that somebody else will pay—no different from tulip bulbs or beanie babies—and are all vulnerable to substantial and sudden collapse.

But further magnifying the prob-
lem is a large number of scams. There
is a current trend in “Initial Coin Of-
ferings,” mostly consisting of crypto-
graphic tokens implemented on top
of an existing cryptocurrencies such as
Bitcoin or Ethereum. Although claim-
ing to be crowd-sold tokens for pur-
chase of future services, the tradeable
nature of these tokens has resulted in
their acting as unregistered securities
in a bubble market. There are also or-
ganized groups conducting pump-and-
dump schemes, complete with fancy
websites, animated advertisements,
and even placing paper advertisements
in BART commuter trains in San Fran-
cisco, CA. This market developed large-
ly in absence of regulation, although
regulators like the U.S. Securities and
Exchange Commission are finally start-
ing to pay attention.

Likewise, not only is a bubble often a natural Ponzi scheme, there are many explicit or likely Ponzi schemes. In the early days of Bitcoin approximately 10% of all Bitcoin were invested in Bitcoin Savings and Trust, a Ponzi scheme run by a pseudonymous individual known to the community only as PirateAt40. The editor of Bitcoin Magazine at the time so much believed it was not a Ponzi scheme that he made side bets that it was not, using Bitcoin that he did not have, just before the scheme collapsed.

Even explicitly advertised Ponzi schemes see significant activity, such as the “Proof of Weak Hands’, a Ponzi scheme implemented as an Ethereum smart contract. More than $1 million in notional value flowed into the scheme in the space of a few hours before the flow stabilized. Two days later, one bug froze the scheme (making withdraws impossible) before a second bug enabled a thief to take all the value.

Systemic Risks

The entire cryptocurrency environ-
ment also faces systemic risks includ-
ing worms, exchanges, central authori-
ties, and government intervention.
Peer-to-peer systems, and especially
those written in unsafe languages such
as C and C++, are particularly vulner-
able to worms. A worm that can exploit
a P2P node and then spread to all con-
nected nodes takes approximately the
same time to spread worldwide as a
broadcast message in the same net-
work. For cryptocurrencies that mini-
mize the time required to send trans-
actions, this would enable a worm to
spread globally in a matter of seconds.
The ease of theft and the common
practice of speculators using multiple
cryptocurrencies create an incentive
for thieves to deploy worms, because a
worm could spread through one cryp-
tocurrency’s network and then steal all
other cryptocurrencies accessible on
The entire
cryptocurrency
environment also
faces systemic risks.